[apparmor] [PATCH] apparmor: document capability.c:profile_capable ad ptr not being NULL
Ryan Lee
ryan.lee at canonical.com
Wed Sep 25 00:56:05 UTC 2024
The profile_capable function takes a struct apparmor_audit_data *ad,
which is documented as possibly being NULL. However, the single place that
calls this function never passes it a NULL ad. If we were ever to call
profile_capable with a NULL ad elsewhere, we would need to rework the
function, as its very first use of ad is to dereference ad->class without
checking if ad is NULL.
Thus, document profile_capable's ad parameter as not accepting NULL.
Signed-off-by: Ryan Lee <ryan.lee at canonical.com>
---
security/apparmor/capability.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index 61d7ab4255b0..9f89e8b94993 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -115,7 +115,7 @@ static int audit_caps(struct apparmor_audit_data *ad, struct aa_profile *profile
* @profile: profile being enforced (NOT NULL, NOT unconfined)
* @cap: capability to test if allowed
* @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated
- * @ad: audit data (MAY BE NULL indicating no auditing)
+ * @ad: audit data (NOT NULL)
*
* Returns: 0 if allowed else -EPERM
*/
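Review bot: the new `@ad: audit data (NOT NULL)` line states a contract that this patch leaves unenforced, since only the kernel-doc comment changes and the commit message itself notes that ad->class is dereferenced without a check. Consider wording the line to match the style of the `@profile` entry and saying who is responsible, for example "audit data (NOT NULL, caller must supply)", so a future second caller sees the requirement at the call site. It is also worth confirming that the kernel-doc for audit_caps(), which the hunk header shows taking the same ad pointer, documents the same expectation, so the two comments do not disagree.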
--
2.43.0